<?php
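/**
 * Referer-based same-origin check used as a CSRF (XSRF) guard.
 *
 * Returns true only when the Referer header parses to a URL whose host is
 * identical to the Host header and whose last path segment is identical to $s.
 * Every other case (header missing, unparsable URL, no host or path component,
 * any mismatch) returns false, so the check fails closed.
 *
 * The Referer header is supplied by the client and may be stripped by
 * browsers, proxies or a Referrer-Policy. Treat this as a secondary check;
 * a per-session anti-CSRF token verified with hash_equals() is the primary
 * defence for state-changing requests.
 *
 * @param string $s File name the request must come from, e.g. "admin_posts.php".
 * @return bool True when the Referer matches this host and $s, false otherwise.
 */
function XSRF($s){
	// Without both headers there is nothing to compare: reject instead of
	// raising an undefined-index notice and falling through.
	if(!isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) return false;
	if(!is_string($_SERVER['HTTP_REFERER'])) return false;

	// parse_url() returns false on a seriously malformed URL and leaves out
	// components that are absent (a Referer such as "http://host" has no path).
	$ref=parse_url($_SERVER['HTTP_REFERER']);
	if(!is_array($ref)||!isset($ref['host'], $ref['path'])) return false;

	// Strict comparison: loose == treats numeric-looking strings such as
	// "1e3" and "1000" as equal.
	// parse_url() reports the port separately from 'host', so a Host header
	// that carries a port does not match here and the request is rejected.
	return ($ref['host']===$_SERVER['HTTP_HOST'])&&(basename($ref['path'])===(string)$s);
}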
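/* EXAMPLE */
// Gate a state-changing action on the Referer check. The Referer can be
// absent or stripped, so in a real handler pair this with a per-session
// anti-CSRF token before performing the action.
if(XSRF("admin_posts.php")){
	# runs only when the request is considered legitimate -->
	$gestor=fopen('correcto.txt', 'a');
	if($gestor===false){
		// fopen() failed (permissions, missing directory): record it and skip
		// the write instead of passing false to fwrite()/fclose().
		error_log('XSRF example: could not open correcto.txt for appending');
	}else{
		fwrite($gestor, "OK\n");
		fclose($gestor);
	}
	# <--
}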
?>